The adoption of an International Management System, like an Information Security Management System (ISMS) or a Business Continuity Management System (BCMS), is a strategic decision to protect an organization against an unwanted event. Despite the general aim, one size does not fit all. Each organization has its own expectations and objectives, which require the definition and implementation of specific strategies.